alphashoppers virus

Status
Not open for further replies.

TonyH99

New Member
Thread author
Feb 20, 2020
27
Hi, I've had an issue for a while now which seems to redirect me when I use search engines. Currently going to alphashoppers but Im sure previously it was called searchneworld. Have tried every procuct I can find to try and solve the issue as well as deleting chrome and re-installing several times and resetting the browser but nothing seems to find it. Tried attaching both documents but the addition one doesnt seem to want to work so will copy/paste that report below.
 

Attachments

  • FRST_20-02-2020 12.09.02.txt
    32.6 KB · Views: 4

TonyH99

New Member
Thread author
Feb 20, 2020
27
Currently having an issue attatching the Addition log, just wont seem to work, think it's too big to copy/paste too
 

icotonev

Moderator
Verified
Staff Member
Mar 9, 2017
514
Currently having an issue attatching the Addition log, just wont seem to work, think it's too big to copy/paste too

Hi , TonyH99..! Welcome to MalwareTips ..! :)

Please split the Addition log into two parts and publish it in two consecutive posts ..! Thanks..!
 

TonyH99

New Member
Thread author
Feb 20, 2020
27
Tried to do that earlier. File is 54kb so I cant do it in 2. Will likely take a good 8-10 posts tbh but if thats what you want me to do then I can do that sure.
 

TonyH99

New Member
Thread author
Feb 20, 2020
27
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-02-2020
Ran by USer (20-02-2020 12:08:23)
Running from C:\Users\USer\Desktop\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2016-04-04 15:30:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-668954617-4150590539-4158307888-500 - Administrator - Disabled)
Guest (S-1-5-21-668954617-4150590539-4158307888-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-668954617-4150590539-4158307888-1002 - Limited - Enabled)
postgres (S-1-5-21-668954617-4150590539-4158307888-1004 - Limited - Enabled) => C:\Users\postgres
USer (S-1-5-21-668954617-4150590539-4158307888-1000 - Administrator - Enabled) => C:\Users\USer

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================
 

TonyH99

New Member
Thread author
Feb 20, 2020
27
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4GEE WiFi Portal (HKLM-x32\...\ee EE70 4GEE WiFi Portal_is1) (Version: - EE)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.006.20034 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 30.0.0.107 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.330 - Adobe)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AutoHotkey 1.1.23.05 (HKLM\...\AutoHotkey) (Version: 1.1.23.05 - Lexikos)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MG4100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4100_series) (Version: - Canon Inc.)
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
Combonator version 1.75 (HKLM-x32\...\{1E8A5FB7-0573-4083-823B-B4E31962F0BC}_is1) (Version: 1.75 - Fuse Media LLC)
Discord (HKU\S-1-5-21-668954617-4150590539-4158307888-1000\...\Discord) (Version: 0.0.305 - Discord Inc.)
f.lux (HKU\S-1-5-21-668954617-4150590539-4158307888-1000\...\Flux) (Version: - f.lux Software LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 80.0.3987.116 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.441 - Google LLC) Hidden
Holdem Manager 2 (HKLM-x32\...\HoldemManager2) (Version: - )
ICMIZER (HKU\S-1-5-21-668954617-4150590539-4158307888-1000\...\98ae6a83-32ab-5b3d-925e-62223f2568a9) (Version: 3.3.0 - Valentin Kuzub)
ICMIZER 2 (HKU\S-1-5-21-668954617-4150590539-4158307888-1000\...\1875530414.www.icmpoker.com) (Version: - www.icmpoker.com)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.50.1172 - Intel Corporation)
join.me (HKU\S-1-5-21-668954617-4150590539-4158307888-1000\...\JoinMe) (Version: 3.3.1.5358 - LogMeIn, Inc.)
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.14.01.105 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 73.0.1 (x64 en-GB) (HKLM\...\Mozilla Firefox 73.0.1 (x64 en-GB)) (Version: 73.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 72.0.2 - Mozilla)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
PokerStars.uk (HKLM-x32\...\PokerStars.uk) (Version: - PokerStars.uk)
PokerStrategy.com Equilab (HKLM-x32\...\{86D09F48-CDAB-4B4C-8806-F6C16F17935A}) (Version: 1.2.8.0 - PokerStrategy.com)
PostgreSQL 8.4 (HKLM-x32\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.94.723.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7730 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
SessionLord (HKLM-x32\...\{4ceecc68-b7e1-4161-8a66-e14102ae4a39}) (Version: 1.0.6 - SessionLord Ltd.) Hidden
Simple GTO Trainer version 0.31 beta (HKLM-x32\...\{D8B6E9A1-AA50-4006-91D5-E9C9A02B28F9}_is1) (Version: 0.31 beta - Simple Poker, LP)
Simple3Way version 1.00 (HKLM-x32\...\{6D8C1DB1-A7B8-43E7-906B-D71520CF8209}_is1) (Version: 1.00 - )
Skype version 8.56 (HKLM-x32\...\Skype_is1) (Version: 8.56 - Skype Technologies S.A.)
StarsHelper (HKLM-x32\...\StarsHelper) (Version: - )
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.1.9025 - TeamViewer)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinDirStat 1.1.2 (HKU\S-1-5-21-668954617-4150590539-4158307888-1000\...\WinDirStat) (Version: - )
 

TonyH99

New Member
Thread author
Feb 20, 2020
27
==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-02-20] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-02-20] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-02-20] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-02-20] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-01-16] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-02-20] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-01-16] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\USer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICMIZER 2.lnk -> C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe (Microsoft Corporation) -> 1875530414.www.icmpoker.com

==================== Loaded Modules (Whitelisted) =============

2016-04-08 14:54 - 2014-02-18 08:11 - 000172032 _____ () [File not signed] c:\postgreSQL\bin\LIBPQ.dll
2016-04-08 14:54 - 2012-08-14 13:19 - 000999424 _____ () [File not signed] c:\postgreSQL\bin\libxml2.dll
2019-05-30 07:50 - 2020-01-24 17:22 - 001899520 _____ () [File not signed] C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2019-05-30 07:50 - 2020-01-24 17:22 - 000115712 _____ () [File not signed] C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2019-05-30 07:50 - 2020-01-24 17:22 - 006668800 _____ () [File not signed] C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2016-04-04 16:00 - 2012-04-17 09:36 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll
2018-07-02 08:07 - 2011-01-15 15:45 - 000319488 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNSS_ENU.DLL
2016-04-26 15:47 - 2012-06-14 16:18 - 000359936 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNMN6PPM.DLL
2016-04-08 14:54 - 2006-05-03 20:57 - 000888832 _____ (Free Software Foundation) [File not signed] c:\postgreSQL\bin\iconv.dll
2016-04-08 14:54 - 2009-01-06 14:51 - 000968886 _____ (Free Software Foundation) [File not signed] c:\postgreSQL\bin\libiconv-2.dll
2016-04-08 14:54 - 2009-01-06 14:51 - 000083906 _____ (Free Software Foundation) [File not signed] c:\postgreSQL\bin\libintl-8.dll
2016-04-04 16:00 - 2012-04-17 09:30 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll
2016-04-08 14:54 - 2009-04-13 12:23 - 000012288 _____ (Massachusetts Institute of Technology.) [File not signed] c:\postgreSQL\bin\comerr32.dll
2016-04-08 14:54 - 2009-04-13 12:23 - 000135168 _____ (Massachusetts Institute of Technology.) [File not signed] c:\postgreSQL\bin\gssapi32.dll
2016-04-08 14:54 - 2009-04-13 12:23 - 000019968 _____ (Massachusetts Institute of Technology.) [File not signed] c:\postgreSQL\bin\k5sprt32.dll
2016-04-08 14:54 - 2009-04-13 12:23 - 000634880 _____ (Massachusetts Institute of Technology.) [File not signed] c:\postgreSQL\bin\krb5_32.dll
2016-04-08 14:54 - 2008-04-08 14:13 - 000348160 _____ (Microsoft Corporation) [File not signed] c:\postgreSQL\bin\MSVCR71.dll
2016-04-08 14:54 - 2014-01-06 19:38 - 001176576 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] c:\postgreSQL\bin\LIBEAY32.dll
2016-04-08 14:54 - 2014-01-06 19:38 - 000270336 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] c:\postgreSQL\bin\SSLEAY32.dll
 

TonyH99

New Member
Thread author
Feb 20, 2020
27
==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2009-06-10 21:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-668954617-4150590539-4158307888-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\USer\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: Steam => "D:\Program Files (x86)\Steam\steam.exe" -silent

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BD6FED96-EB86-4A83-B506-14FD4CFA99A9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe No File
FirewallRules: [{41B701B0-9B04-4171-AE60-8AEB524D7FC7}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe No File
FirewallRules: [{6D68D769-2B08-48AF-A6C4-9B063CA3AAF4}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe No File
FirewallRules: [{A3B7D116-523C-4D49-9EB8-AAE009ED8A07}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe No File
FirewallRules: [{7061F2B6-E342-441B-8CB1-99BACA269506}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe No File
FirewallRules: [{A29886CF-5CBC-4689-ABB6-AC2E65E36B69}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe No File
FirewallRules: [{E00DC0AB-2143-42C7-981E-4846DDE56F1F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe No File
FirewallRules: [{C4FAEAB1-5C75-490C-B384-E673BD48FE20}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe No File
FirewallRules: [{18CA7BCA-6E54-44C0-88A4-BA0623D0BE68}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe No File
FirewallRules: [{DAE73A0C-F27E-44E8-8101-9420B58FCCD4}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe No File
FirewallRules: [{621F23CC-4765-4AC9-A2BD-74D854CCCB55}] => (Allow) LPort=5432
FirewallRules: [{7F04F335-C551-43EE-8FFE-9D1F58BF1D4B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{C5A363B7-9D44-49CF-A3AE-F891CE0AA6A7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{DC56794C-B83D-47F6-89E7-A4A1895914F0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe No File
FirewallRules: [{BD6BA999-E683-435A-87DB-2F5AEF367732}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe No File
FirewallRules: [{96DB2740-D4B3-404E-88DB-F7AF3028CE80}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2016\fm.exe No File
FirewallRules: [{C1B5603C-9F97-4348-BE44-13DBAA91F10D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2016\fm.exe No File
FirewallRules: [{8B746D33-C127-4431-897C-620F566F493E}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{E4525735-801D-46FB-A3FC-ED75199C1C9B}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{E653AA44-EAC0-46C4-BDB2-4EA390861D1D}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe No File
FirewallRules: [{48FB4038-AFBF-44AA-ADC8-D8C5F171F88F}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe No File
FirewallRules: [{129BB04E-A5C8-4A59-8235-F0D95F865335}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DD4A26D5-E2EA-4FEC-8950-0B7DFEA515E4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{071F5919-23AE-41DA-88AB-BF78353164B7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3CAE306C-E7BD-4B9D-9D55-E7C563027196}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{98F5D212-131C-4D04-A272-DD4EBDD3B74C}C:\program files\dnplayerext2\ldboxheadless.exe] => (Allow) C:\program files\dnplayerext2\ldboxheadless.exe (上海畅指网络科技有限公司 -> Oracle Corporation)
FirewallRules: [UDP Query User{522A718C-4F5B-423C-8628-D66131BF4AD2}C:\program files\dnplayerext2\ldboxheadless.exe] => (Allow) C:\program files\dnplayerext2\ldboxheadless.exe (上海畅指网络科技有限公司 -> Oracle Corporation)
FirewallRules: [{A41997B6-F2E9-4D9F-873A-82FD2F2AAC05}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{FDC84345-D2CE-4855-AC9A-1F98256B92E8}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{DF1BED7E-1620-4FB8-930C-68B90541E07B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{36648DFF-D96C-4FC9-A0AC-AA88C2AFBED6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{03EE3D11-0027-4A0F-9E40-7D7066B0939B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{42662DFD-FD27-482B-87C6-FCA143C18EC9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{131779B0-5784-4E6D-8404-E4CF649FC36C}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0F54C44F-59A1-41E7-B94F-8DAB1A6DE3FE}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{85564EC4-C682-4BC9-9F85-65FEE3E3C71A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A2348019-416A-4861-A3EA-A13AF204747F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{39BF654D-88D3-4FEE-A826-C7DE790A63E9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================
 

TonyH99

New Member
Thread author
Feb 20, 2020
27
20-02-2020 10:44:58 Windows Update

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/20/2020 11:40:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/20/2020 11:37:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AvastUI.exe, version: 19.8.4257.2, time stamp: 0x5dc420ea
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24545, time stamp: 0x5e0eb6bd
Exception code: 0xe06d7363
Fault offset: 0x000000000000b87d
Faulting process id: 0x2020
Faulting application start time: 0x01d5e7e1f9ba9aa0
Faulting application path: C:\Program Files\AVAST Software\Avast\AvastUI.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 5c34265a-53d5-11ea-bf26-8c89a560513e

Error: (02/20/2020 10:41:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/20/2020 01:03:39 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2020-02-20 01:03:39 GMTERROR: prepared statement "insertplayer" already exists
2020-02-20 01:03:39 GMTSTATEMENT: PREPARE INSERTPLAYER (text,smallint,integer,integer,smallint) AS Insert into players (playername,pokersite_id,cashhands,tourneyhands,optimizationstatus) values ($1,$2,$3,$4,$5) RETURNING player_id;

PREPARE CSUpdate (integer,integer,smallint,smallint,smallint,integer,
integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
 

TonyH99

New Member
Thread author
Feb 20, 2020
27
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer)
as
Update CompiledPlayerResults set totalhands = totalhands + $6
, TotalAmountWonincents = TotalAmountWonincents + $7
, TotalRakeincents = TotalRakeincents + $8
, TotalBBsWon = TotalBBsWon + $9
, VPIPHands = VPIPHands + $10
, PFRHands = PFRHands + $11
, CouldColdCall = CouldColdCall + $12
, DidColdCall = DidColdCall + $13
, CouldThreeBet = CouldThreeBet + $14
, DidThreeBet = DidThreeBet + $15
, CouldSqueeze = CouldSqueeze + $16
, DidSqueeze = DidSqueeze + $17
, FacingTwoPreflopRaisers = FacingTwoPreflopRaisers + $18
, CalledTwoPreflopRaisers = CalledTwoPreflopRaisers + $19
, RaisedTwoPreflopRaisers = RaisedTwoPreflopRaisers + $20
, SmallBlindStealAttempted = SmallBlindStealAttempted + $21
 

TonyH99

New Member
Thread author
Feb 20, 2020
27
, SmallBlindStealDefended = SmallBlindStealDefended + $22
, SmallBlindStealReraised = SmallBlindStealReraised + $23
, BigBlindStealAttempted = BigBlindStealAttempted + $24
, BigBlindStealDefended = BigBlindStealDefended + $25
, BigBlindStealReraised = BigBlindStealReraised + $26
, SawNonSmallShowdown = SawNonSmallShowdown + $27
, WonNonSmallShowdown = WonNonSmallShowdown + $28
, SawLargeShowdown = SawLargeShowdown + $29
, WonLargeShowdown = WonLargeShowdown + $30
, SawNonSmallShowdownLimpedFlop = SawNonSmallShowdownLimpedFlop + $31
, WonNonSmallShowdownLimpedFlop = WonNonSmallShowdownLimpedFlop + $32
, SawLargeShowdownLimpedFlop = SawLargeShowdownLimpedFlop + $33
, WonLargeShowdownLimpedFlop = WonLargeShowdownLimpedFlop + $34
, WonHand = WonHand + $35
, WonHandWhenSawFlop = WonHandWhenSawFlop + $36
, WonHandWhenSawTurn = WonHandWhenSawTurn + $37
, WonHandWhenSawRiver = WonHandWhenSawRiver + $38
, FacedThreeBetPreflop = FacedThreeBetPreflop + $39
, FoldedToThreeBetPreflop = FoldedToThreeBetPreflop + $40
, CalledThreeBetPreflop = CalledThreeBetPreflop + $41
, RaisedThreeBetPreflop = RaisedThreeBetPreflop + $42
, FacedFourBetPreflop = FacedFourBetPreflop + $43
, FoldedToFourBetPreflop = FoldedToFourBetPreflop + $44
, CalledFourBetPreflop = CalledFourBetPreflop + $45
, RaisedFourBetPreflop = RaisedFourBetPreflop + $46
, TurnFoldIPPassOnFlopCB = TurnFoldIPPassOnFlopCB + $47
, TurnCallIPPassOnFlopCB = TurnCallIPPassOnFlopCB + $48
, TurnRaiseIPPassOnFlopCB = TurnRaiseIPPassOnFlopCB + $49
, RiverFoldIPPassOnTurnCB = RiverFoldIPPassOnTurnCB + $50
, RiverCallIPPassOnTurnCB = RiverCallIPPassOnTurnCB + $51
, RiverRaiseIPPassOnTurnCB = RiverRaiseIPPassOnTurnCB + $52
, SawFlop = SawFlop + $53
, SawShowdown = SawShowdown + $54
, WonShowdown = WonShowdown + $55
, TotalBets = TotalBets + $56
, TotalCalls = TotalCalls + $57
, FlopContinuationBetPossible = FlopContinuationBetPossible + $58
, FlopContinuationBetMade = FlopContinuationBetMade + $59
, TurnContinuationBetPossible = TurnContinuationBetPossible
 

TonyH99

New Member
Thread author
Feb 20, 2020
27
+ $60
, TurnContinuationBetMade = TurnContinuationBetMade + $61
, RiverContinuationBetPossible = RiverContinuationBetPossible + $62
, RiverContinuationBetMade = RiverContinuationBetMade + $63
, FacingFlopContinuationBet = FacingFlopContinuationBet + $64
, FoldedToFlopContinuationBet = FoldedToFlopContinuationBet + $65
, CalledFlopContinuationBet = CalledFlopContinuationBet + $66
, RaisedFlopContinuationBet = RaisedFlopContinuationBet + $67
, FacingTurnContinuationBet = FacingTurnContinuationBet + $68
 

TonyH99

New Member
Thread author
Feb 20, 2020
27
, FoldedToTurnContinuationBet = FoldedToTurnContinuationBet + $69
, CalledTurnContinuationBet = CalledTurnContinuationBet + $70
, RaisedTurnContinuationBet = RaisedTurnContinuationBet + $71
, FacingRiverContinuationBet = FacingRiverContinuationBet + $72
, FoldedToRiverContinuationBet = FoldedToRiverContinuationBet + $73
, CalledRiverContinuationBet = CalledRiverContinuationBet + $74
, RaisedRiverContinuationBet = RaisedRiverContinuationBet + $75
, TotalPostFlopStreetsSeen = TotalPostFlopStreetsSeen + $76
, totalaggressivepostflopstreetsseen = totalaggressivepostflopstreetsseen + $77
where compiledplayerresults_id
 

TonyH99

New Member
Thread author
Feb 20, 2020
27
Is there only so much your allowed to post? Wont let me post anything else now? Feels like the posts get shorter then it just stops me posting anything. Thats not quite even half of it yet fwiw. Will let me post normally but anytime I try and copy/paste a bit more it just says OOps and wont let me post it. Let me know if you want me to post rest please.
 

icotonev

Moderator
Verified
Staff Member
Mar 9, 2017
514
Hi , TonyH99..!

Farbar Recovery Scan Tool - Fix


Please download the attached file * fixlist.txt * to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.


In your next reply, please include:


  • Fixlog.txt
 

Attachments

  • fixlist.txt
    9.4 KB · Views: 4

TonyH99

New Member
Thread author
Feb 20, 2020
27
Thanks for your help, have attached said file.
 

Attachments

  • Fixlog_21-02-2020 10.45.16.txt
    14 KB · Views: 3

icotonev

Moderator
Verified
Staff Member
Mar 9, 2017
514
Hi , TonyH99..!

AdwCleaner

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now...
    • When the scan has finished a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Filestab ...
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.
+

---------------------------------------------------
Re-scan with FRST
  • Double-click FRST64.exe to run it.
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste the logs in your next reply.

---------------------------------------------------

In your next reply, please include:

  • AdwCleaner[S0*].txt
  • FRST.txt
  • Addition.txt
 

TonyH99

New Member
Thread author
Feb 20, 2020
27
# -------------------------------
# Malwarebytes AdwCleaner 8.0.2.0
# -------------------------------
# Build: 01-27-2020
# Database: 2020-02-17.1 (Cloud)
# Support: Customer Support & Help Center
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 02-21-2020
# Duration: 00:00:14
# OS: Windows 7 Home Premium
# Scanned: 34851
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [2600 octets] - [05/02/2020 11:53:27]
AdwCleaner[C00].txt - [2590 octets] - [05/02/2020 11:53:45]
AdwCleaner[S01].txt - [1535 octets] - [20/02/2020 11:49:46]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top